mirror/gluon-packages
1
0
Fork 0
mirror of https://github.com/freifunk-gluon/packages.git synced 2024-06-18 05:03:58 +02:00
Code Releases Activity

gluon-firewall: enable conntrack on WAN

Browse Source 
Otherwise, the state match doesn't work, not allowing replies to outgoing
packets to get in.
This commit is contained in:
Matthias Schiffer 2014-06-13 21:56:32 +02:00
parent cbb2beeae9
commit 7004c12983
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall
View File

@ -9,6 +9,7 @@ local c = uci.cursor()
local function reject_input_on_wan(zone) local function reject_input_on_wan(zone)
if zone.name == 'wan' then if zone.name == 'wan' then
c:set('firewall', zone['.name'], 'input', 'REJECT') c:set('firewall', zone['.name'], 'input', 'REJECT')
c:set('firewall', zone['.name'], 'conntrack', '1')
end end
return true return true